# Framework源码分析 启动流程 Zygote启动SystemServer ## 背景 Framework中最为重要的就是四大组件了,整个Android体系都是围绕四大组件进行搭建的。之前相关的源码看过一篇,但是因为最近在学习插件化框架相关的知识,发现很多细节记得不是很清楚了,再加上现在市面上将Android源码的书中基于的Android源码版本已经很老了, 所以这次打算自己再深入学习一遍。这个系列都是基于`AndroidX`, branch `android_10.0.0_r1`进行分析。 ## ActivityManagerService在system\_server中的初始化 整个Android启动流程大体是: 加电启动->fastboot->kernel->init->Zygote `Zygote`的启动代表着整个Android世界开始构建。`Zygote`启动时会拉起`system_server`, 而Android大部分系统服务都是在`system_server`中初始化的 ### Zygote启动system\_server #### ZygoteInit.forkSystemServer ```java [frameworks/base/core/java/com/android/internal/os/ZygoteInit.java] /** * Prepare the arguments and forks for the system server process. * * @return A {@code Runnable} that provides an entrypoint into system_server code in the child * process; {@code null} in the parent. */ private static Runnable forkSystemServer(String abiList, String socketName, ZygoteServer zygoteServer) { long capabilities = posixCapabilitiesAsBits( OsConstants.CAP_IPC_LOCK, OsConstants.CAP_KILL, OsConstants.CAP_NET_ADMIN, OsConstants.CAP_NET_BIND_SERVICE, OsConstants.CAP_NET_BROADCAST, OsConstants.CAP_NET_RAW, OsConstants.CAP_SYS_MODULE, OsConstants.CAP_SYS_NICE, OsConstants.CAP_SYS_PTRACE, OsConstants.CAP_SYS_TIME, OsConstants.CAP_SYS_TTY_CONFIG, OsConstants.CAP_WAKE_ALARM, OsConstants.CAP_BLOCK_SUSPEND ); /* Containers run without some capabilities, so drop any caps that are not available. */ StructCapUserHeader header = new StructCapUserHeader( OsConstants._LINUX_CAPABILITY_VERSION_3, 0); StructCapUserData[] data; try { data = Os.capget(header); } catch (ErrnoException ex) { throw new RuntimeException("Failed to capget()", ex); } capabilities &= ((long) data[0].effective) | (((long) data[1].effective) << 32); /* Hardcoded command line to start the system server */ String args[] = { "--setuid=1000", "--setgid=1000", "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023," + "1024,1032,1065,3001,3002,3003,3006,3007,3009,3010", "--capabilities=" + capabilities + "," + capabilities, "--nice-name=system_server", "--runtime-args", "--target-sdk-version=" + VMRuntime.SDK_VERSION_CUR_DEVELOPMENT, "com.android.server.SystemServer", // 类名 }; ZygoteArguments parsedArgs = null; int pid; try { parsedArgs = new ZygoteArguments(args); Zygote.applyDebuggerSystemProperty(parsedArgs); Zygote.applyInvokeWithSystemProperty(parsedArgs); boolean profileSystemServer = SystemProperties.getBoolean( "dalvik.vm.profilesystemserver", false); if (profileSystemServer) { parsedArgs.mRuntimeFlags |= Zygote.PROFILE_SYSTEM_SERVER; } /* Request to fork the system server process */ // 通过fork启动system_server pid = Zygote.forkSystemServer( parsedArgs.mUid, parsedArgs.mGid, parsedArgs.mGids, parsedArgs.mRuntimeFlags, null, parsedArgs.mPermittedCapabilities, parsedArgs.mEffectiveCapabilities); } catch (IllegalArgumentException ex) { throw new RuntimeException(ex); } /* For child process */ if (pid == 0) { if (hasSecondZygote(abiList)) { waitForSecondaryZygote(socketName); } zygoteServer.closeServerSocket(); // 开始执行system_server return handleSystemServerProcess(parsedArgs); } return null; } ``` #### Zygote.forkSystemServer ```java [frameworks/base/core/java/com/android/internal/os/Zygote.java] /** * Special method to start the system server process. In addition to the * common actions performed in forkAndSpecialize, the pid of the child * process is recorded such that the death of the child process will cause * zygote to exit. * * @param uid the UNIX uid that the new process should setuid() to after * fork()ing and and before spawning any threads. * @param gid the UNIX gid that the new process should setgid() to after * fork()ing and and before spawning any threads. * @param gids null-ok; a list of UNIX gids that the new process should * setgroups() to after fork and before spawning any threads. * @param runtimeFlags bit flags that enable ART features. * @param rlimits null-ok an array of rlimit tuples, with the second * dimension having a length of 3 and representing * (resource, rlim_cur, rlim_max). These are set via the posix * setrlimit(2) call. * @param permittedCapabilities argument for setcap() * @param effectiveCapabilities argument for setcap() * * @return 0 if this is the child, pid of the child * if this is the parent, or -1 on error. */ public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) { ZygoteHooks.preFork(); // Resets nice priority for zygote process. resetNicePriority(); // fork一个system_server出来 int pid = nativeForkSystemServer( uid, gid, gids, runtimeFlags, rlimits, permittedCapabilities, effectiveCapabilities); // Enable tracing as soon as we enter the system_server. if (pid == 0) { Trace.setTracingEnabled(true, runtimeFlags); } ZygoteHooks.postForkCommon(); return pid; } private static native int nativeForkSystemServer(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, long permittedCapabilities, long effectiveCapabilities); ``` 可以看到`nativeForkSystemServer`是一个native函数,实际fork工作是丢给它来完成的,我们进去看下 #### nativeForkSystemServer ```cpp [frameworks/base/core/jni/com_android_internal_os_Zygote.cpp] static const JNINativeMethod gMethods[] = { ... // JNI函数注册, nativeForkSystemServer方法和com_android_internal_os_Zygote_nativeForkSystemServer函数绑定 { "nativeForkSystemServer", "(II[II[[IJJ)I", (void *) com_android_internal_os_Zygote_nativeForkSystemServer }, ... }; static jint com_android_internal_os_Zygote_nativeForkSystemServer( JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities, jlong effective_capabilities) { std::vector fds_to_close(MakeUsapPipeReadFDVector()), fds_to_ignore(fds_to_close); fds_to_close.push_back(gUsapPoolSocketFD); if (gUsapPoolEventFD != -1) { fds_to_close.push_back(gUsapPoolEventFD); fds_to_ignore.push_back(gUsapPoolEventFD); } // 调用ForkCommon pid_t pid = ForkCommon(env, true, fds_to_close, fds_to_ignore); if (pid == 0) { // 子进程 SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits, permitted_capabilities, effective_capabilities, MOUNT_EXTERNAL_DEFAULT, nullptr, nullptr, true, false, nullptr, nullptr); } else if (pid > 0) { // 父进程,也就是Zygote // The zygote process checks whether the child process has died or not. ALOGI("System server process %d has been created", pid); gSystemServerPid = pid; // There is a slight window that the system server process has crashed // but it went unnoticed because we haven't published its pid yet. So // we recheck here just to make sure that all is well. int status; if (waitpid(pid, &status, WNOHANG) == pid) { ALOGE("System server process %d has died. Restarting Zygote!", pid); RuntimeAbort(env, __LINE__, "System server process has died. Restarting Zygote!"); } if (UsePerAppMemcg()) { // Assign system_server to the correct memory cgroup. // Not all devices mount memcg so check if it is mounted first // to avoid unnecessarily printing errors and denials in the logs. if (!SetTaskProfiles(pid, std::vector{"SystemMemoryProcess"})) { ALOGE("couldn't add process %d into system memcg group", pid); } } } return pid; } ``` 在fork system\_server进程时是通过`ForkCommon`函数,`ForkCommon`中再调用fork来完成。 #### ForkCommon ```cpp [frameworks/base/core/jni/com_android_internal_os_Zygote.cpp] static pid_t ForkCommon(JNIEnv* env, bool is_system_server, const std::vector& fds_to_close, const std::vector& fds_to_ignore) { SetSignalHandlers(); // Curry a failure function. auto fail_fn = std::bind(ZygoteFailure, env, is_system_server ? "system_server" : "zygote", nullptr, _1); // Temporarily block SIGCHLD during forks. The SIGCHLD handler might // log, which would result in the logging FDs we close being reopened. // This would cause failures because the FDs are not whitelisted. // // Note that the zygote process is single threaded at this point. BlockSignal(SIGCHLD, fail_fn); // Close any logging related FDs before we start evaluating the list of // file descriptors. __android_log_close(); stats_log_close(); // If this is the first fork for this zygote, create the open FD table. If // it isn't, we just need to check whether the list of open files has changed // (and it shouldn't in the normal case). if (gOpenFdTable == nullptr) { gOpenFdTable = FileDescriptorTable::Create(fds_to_ignore, fail_fn); } else { gOpenFdTable->Restat(fds_to_ignore, fail_fn); } android_fdsan_error_level fdsan_error_level = android_fdsan_get_error_level(); // 通过Linux fork pid_t pid = fork(); if (pid == 0) { // The child process. PreApplicationInit(); // Clean up any descriptors which must be closed immediately DetachDescriptors(env, fds_to_close, fail_fn); // Invalidate the entries in the USAP table. ClearUsapTable(); // Re-open all remaining open file descriptors so that they aren't shared // with the zygote across a fork. gOpenFdTable->ReopenOrDetach(fail_fn); // Turn fdsan back on. android_fdsan_set_error_level(fdsan_error_level); } else { ALOGD("Forked child process %d", pid); } // We blocked SIGCHLD prior to a fork, we unblock it here. UnblockSignal(SIGCHLD, fail_fn); return pid; } ``` #### SpecializeCommon `SpecializeCommon`函数主要是根据参数设置进程的一些参数,如权限,调度策略. ```cpp [frameworks/base/core/jni/com_android_internal_os_Zygote.cpp] static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities, jlong effective_capabilities, jint mount_external, jstring managed_se_info, jstring managed_nice_name, bool is_system_server, bool is_child_zygote, jstring managed_instruction_set, jstring managed_app_data_dir) { const char* process_name = is_system_server ? "system_server" : "zygote"; auto fail_fn = std::bind(ZygoteFailure, env, process_name, managed_nice_name, _1); auto extract_fn = std::bind(ExtractJString, env, process_name, managed_nice_name, _1); auto se_info = extract_fn(managed_se_info); auto nice_name = extract_fn(managed_nice_name); auto instruction_set = extract_fn(managed_instruction_set); auto app_data_dir = extract_fn(managed_app_data_dir); // Keep capabilities across UID change, unless we're staying root. if (uid != 0) { EnableKeepCapabilities(fail_fn); } SetInheritable(permitted_capabilities, fail_fn); DropCapabilitiesBoundingSet(fail_fn); bool use_native_bridge = !is_system_server && instruction_set.has_value() && android::NativeBridgeAvailable() && android::NeedsNativeBridge(instruction_set.value().c_str()); if (use_native_bridge && !app_data_dir.has_value()) { // The app_data_dir variable should never be empty if we need to use a // native bridge. In general, app_data_dir will never be empty for normal // applications. It can only happen in special cases (for isolated // processes which are not associated with any app). These are launched by // the framework and should not be emulated anyway. use_native_bridge = false; ALOGW("Native bridge will not be used because managed_app_data_dir == nullptr."); } MountEmulatedStorage(uid, mount_external, use_native_bridge, fail_fn); // If this zygote isn't root, it won't be able to create a process group, // since the directory is owned by root. if (!is_system_server && getuid() == 0) { const int rc = createProcessGroup(uid, getpid()); if (rc == -EROFS) { ALOGW("createProcessGroup failed, kernel missing CONFIG_CGROUP_CPUACCT?"); } else if (rc != 0) { ALOGE("createProcessGroup(%d, %d) failed: %s", uid, /* pid= */ 0, strerror(-rc)); } } SetGids(env, gids, fail_fn); SetRLimits(env, rlimits, fail_fn); if (use_native_bridge) { // Due to the logic behind use_native_bridge we know that both app_data_dir // and instruction_set contain values. android::PreInitializeNativeBridge(app_data_dir.value().c_str(), instruction_set.value().c_str()); } if (setresgid(gid, gid, gid) == -1) { fail_fn(CREATE_ERROR("setresgid(%d) failed: %s", gid, strerror(errno))); } // Must be called when the new process still has CAP_SYS_ADMIN, in this case, // before changing uid from 0, which clears capabilities. The other // alternative is to call prctl(PR_SET_NO_NEW_PRIVS, 1) afterward, but that // breaks SELinux domain transition (see b/71859146). As the result, // privileged syscalls used below still need to be accessible in app process. SetUpSeccompFilter(uid, is_child_zygote); if (setresuid(uid, uid, uid) == -1) { fail_fn(CREATE_ERROR("setresuid(%d) failed: %s", uid, strerror(errno))); } // The "dumpable" flag of a process, which controls core dump generation, is // overwritten by the value in /proc/sys/fs/suid_dumpable when the effective // user or group ID changes. See proc(5) for possible values. In most cases, // the value is 0, so core dumps are disabled for zygote children. However, // when running in a Chrome OS container, the value is already set to 2, // which allows the external crash reporter to collect all core dumps. Since // only system crashes are interested, core dump is disabled for app // processes. This also ensures compliance with CTS. int dumpable = prctl(PR_GET_DUMPABLE); if (dumpable == -1) { ALOGE("prctl(PR_GET_DUMPABLE) failed: %s", strerror(errno)); RuntimeAbort(env, __LINE__, "prctl(PR_GET_DUMPABLE) failed"); } if (dumpable == 2 && uid >= AID_APP) { if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) { ALOGE("prctl(PR_SET_DUMPABLE, 0) failed: %s", strerror(errno)); RuntimeAbort(env, __LINE__, "prctl(PR_SET_DUMPABLE, 0) failed"); } } // Set process properties to enable debugging if required. if ((runtime_flags & RuntimeFlags::DEBUG_ENABLE_JDWP) != 0) { EnableDebugger(); } if ((runtime_flags & RuntimeFlags::PROFILE_FROM_SHELL) != 0) { // simpleperf needs the process to be dumpable to profile it. if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) { ALOGE("prctl(PR_SET_DUMPABLE) failed: %s", strerror(errno)); RuntimeAbort(env, __LINE__, "prctl(PR_SET_DUMPABLE, 1) failed"); } } if (NeedsNoRandomizeWorkaround()) { // Work around ARM kernel ASLR lossage (http://b/5817320). int old_personality = personality(0xffffffff); int new_personality = personality(old_personality | ADDR_NO_RANDOMIZE); if (new_personality == -1) { ALOGW("personality(%d) failed: %s", new_personality, strerror(errno)); } } SetCapabilities(permitted_capabilities, effective_capabilities, permitted_capabilities, fail_fn); SetSchedulerPolicy(fail_fn); __android_log_close(); stats_log_close(); const char* se_info_ptr = se_info.has_value() ? se_info.value().c_str() : nullptr; const char* nice_name_ptr = nice_name.has_value() ? nice_name.value().c_str() : nullptr; if (selinux_android_setcontext(uid, is_system_server, se_info_ptr, nice_name_ptr) == -1) { fail_fn(CREATE_ERROR("selinux_android_setcontext(%d, %d, \"%s\", \"%s\") failed", uid, is_system_server, se_info_ptr, nice_name_ptr)); } // Make it easier to debug audit logs by setting the main thread's name to the // nice name rather than "app_process". if (nice_name.has_value()) { SetThreadName(nice_name.value()); } else if (is_system_server) { SetThreadName("system_server"); } // Unset the SIGCHLD handler, but keep ignoring SIGHUP (rationale in SetSignalHandlers). UnsetChldSignalHandler(); // 如果fork的子进程是system_server, 则需要回调Zygote的方法 if (is_system_server) { // callPostForkSystemServerHooks env->CallStaticVoidMethod(gZygoteClass, gCallPostForkSystemServerHooks); if (env->ExceptionCheck()) { fail_fn("Error calling post fork system server hooks."); } // Prefetch the classloader for the system server. This is done early to // allow a tie-down of the proper system server selinux domain. // ZygoteInit类的createSystemServerClassLoader env->CallStaticVoidMethod(gZygoteInitClass, gCreateSystemServerClassLoader); if (env->ExceptionCheck()) { // Be robust here. The Java code will attempt to create the classloader // at a later point (but may not have rights to use AoT artifacts). env->ExceptionClear(); } // TODO(oth): Remove hardcoded label here (b/117874058). static const char* kSystemServerLabel = "u:r:system_server:s0"; if (selinux_android_setcon(kSystemServerLabel) != 0) { fail_fn(CREATE_ERROR("selinux_android_setcon(%s)", kSystemServerLabel)); } } //callPostForkChildHooks env->CallStaticVoidMethod(gZygoteClass, gCallPostForkChildHooks, runtime_flags, is_system_server, is_child_zygote, managed_instruction_set); if (env->ExceptionCheck()) { fail_fn("Error calling post fork hooks."); } } ``` `callPostForkSystemServerHooks`和`callPostForkChildHooks`,是针对`Zygote`的两个hook,我们这里略过,重点在于`ZygoteInit`类的`createSystemServerClassLoader`方法 #### ZygoteInit.createSystemServerClassLoader ```java [frameworks/base/core/java/com/android/internal/os/ZygoteInit.java] /** * Create the classloader for the system server and store it in * {@link sCachedSystemServerClassLoader}. This function may be called through JNI in * system server startup, when the runtime is in a critically low state. Do not do * extended computation etc here. */ private static void createSystemServerClassLoader() { if (sCachedSystemServerClassLoader != null) { return; } final String systemServerClasspath = Os.getenv("SYSTEMSERVERCLASSPATH"); // TODO: Should we run optimization here? if (systemServerClasspath != null) { sCachedSystemServerClassLoader = createPathClassLoader(systemServerClasspath, VMRuntime.SDK_VERSION_CUR_DEVELOPMENT); } } ``` `createSystemServerClassLoader`被调用是已经在`system_server`进程里了,这个函数只是获取了`SYSTEMSERVERCLASSPATH`环境变量,创建了`sCachedSystemServerClassLoader`,下图是在Android手机上截取的环境变量,可以看到`SYSTEMSERVERCLASSPATH`. fork相关的部分到这里就结束了,我们现在退栈到`ZygoteInit`的`forkSystemServer`, 看下`handleSystemServerProcess` ![SYSTEMSERVERCLASSPATH](/files/-MRAsiIUv1-RvhbAgzcj) #### ZygoteInit.handleSystemServerProcess ```java [frameworks/base/core/java/com/android/internal/os/ZygoteInit.java] /** * Finish remaining work for the newly forked system server process. */ private static Runnable handleSystemServerProcess(ZygoteArguments parsedArgs) { // set umask to 0077 so new files and directories will default to owner-only permissions. Os.umask(S_IRWXG | S_IRWXO); if (parsedArgs.mNiceName != null) { Process.setArgV0(parsedArgs.mNiceName); } final String systemServerClasspath = Os.getenv("SYSTEMSERVERCLASSPATH"); if (systemServerClasspath != null) { // 代码优化,这里对system_server相关的dex文件进行优化,生成优化后的机器码,如果优化完成,则之前设置的sCachedSystemServerClassLoader就没用了,因为之后都是通过机器码去加载,不再使用classloader。 // 优化部分的代码与本主题无关,这里就不贴了 if (performSystemServerDexOpt(systemServerClasspath)) { // Throw away the cached classloader. If we compiled here, the classloader would // not have had AoT-ed artifacts. // Note: This only works in a very special environment where selinux enforcement is // disabled, e.g., Mac builds. sCachedSystemServerClassLoader = null; } // Capturing profiles is only supported for debug or eng builds since selinux normally // prevents it. // Debug模式下才会走这个分支 boolean profileSystemServer = SystemProperties.getBoolean( "dalvik.vm.profilesystemserver", false); if (profileSystemServer && (Build.IS_USERDEBUG || Build.IS_ENG)) { try { prepareSystemServerProfile(systemServerClasspath); } catch (Exception e) { Log.wtf(TAG, "Failed to set up system server profile", e); } } } // parsedArgs.mInvokeWith == null,所以不会走到这个分支 if (parsedArgs.mInvokeWith != null) { String[] args = parsedArgs.mRemainingArgs; // If we have a non-null system server class path, we'll have to duplicate the // existing arguments and append the classpath to it. ART will handle the classpath // correctly when we exec a new process. if (systemServerClasspath != null) { String[] amendedArgs = new String[args.length + 2]; amendedArgs[0] = "-cp"; amendedArgs[1] = systemServerClasspath; System.arraycopy(args, 0, amendedArgs, 2, args.length); args = amendedArgs; } WrapperInit.execApplication(parsedArgs.mInvokeWith, parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion, VMRuntime.getCurrentInstructionSet(), null, args); throw new IllegalStateException("Unexpected return from WrapperInit.execApplication"); } else { // 走到这里,重建classloader createSystemServerClassLoader(); ClassLoader cl = sCachedSystemServerClassLoader; if (cl != null) { Thread.currentThread().setContextClassLoader(cl); } /* * Pass the remaining arguments to SystemServer. */ return ZygoteInit.zygoteInit(parsedArgs.mTargetSdkVersion, parsedArgs.mRemainingArgs, cl); } /* should never reach here */ } ``` `handleSystemServerProcess`主要做了两件事: 1. 优化相关代码 2. 调用ZygoteInit.zygoteInit #### ZygoteInit.zygoteInit ```java [frameworks/base/core/java/com/android/internal/os/ZygoteInit.java] /** * The main function called when started through the zygote process. This could be unified with * main(), if the native code in nativeFinishInit() were rationalized with Zygote startup.

* * Current recognized args: *

    *
  • [--] <start class name> <args> *
* * @param targetSdkVersion target SDK version * @param argv arg strings */ public static final Runnable zygoteInit(int targetSdkVersion, String[] argv, ClassLoader classLoader) { if (RuntimeInit.DEBUG) { Slog.d(RuntimeInit.TAG, "RuntimeInit: Starting application from zygote"); } Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "ZygoteInit"); // 日志重定向 RuntimeInit.redirectLogStreams(); // 通用初始化 RuntimeInit.commonInit(); // native方法 ZygoteInit.nativeZygoteInit(); return RuntimeInit.applicationInit(targetSdkVersion, argv, classLoader); } ``` `zygoteInit`的主要工作: 1. 重定向日志 2. 完成一些通用初始化:时区等 3. 调用native方法初始化,这个函数主要使用创建进行的线程池,待会儿看一下 4. 最后调用RuntimeInit.applicationInit进一步处理参数 下面先看下`ZygoteInit.nativeZygoteInit` ```java [frameworks/base/core/java/com/android/internal/os/ZygoteInit.java] private static final native void nativeZygoteInit(); ``` #### nativeZygoteInit `nativeZygoteInit`函数在`AndroidRuntime.cpp`中 ```cpp [frameworks/base/core/jni/AndroidRuntime.cpp] // nativeZygoteInit方法和com_android_internal_os_ZygoteInit_nativeZygoteInit函数绑定在一起 int register_com_android_internal_os_ZygoteInit_nativeZygoteInit(JNIEnv* env) { const JNINativeMethod methods[] = { { "nativeZygoteInit", "()V", (void*) com_android_internal_os_ZygoteInit_nativeZygoteInit }, }; return jniRegisterNativeMethods(env, "com/android/internal/os/ZygoteInit", methods, NELEM(methods)); } static void com_android_internal_os_ZygoteInit_nativeZygoteInit(JNIEnv* env, jobject clazz) { gCurRuntime->onZygoteInit(); } ``` `AndroidRuntime`中,`onZygoteInit`是个虚函数,啥都没做,看下`AndroidRuntime`的定义 ```cpp [frameworks/base/core/jni/include/android_runtime/AndroidRuntime.h] namespace android { class AndroidRuntime { public: AndroidRuntime(char* argBlockStart, size_t argBlockSize); virtual ~AndroidRuntime(); enum StartMode { Zygote, SystemServer, Application, Tool, }; void setArgv0(const char* argv0, bool setProcName = false); void addOption(const char* optionString, void* extra_info = NULL); /** * Register a set of methods in the specified class. */ static int registerNativeMethods(JNIEnv* env, const char* className, const JNINativeMethod* gMethods, int numMethods); /** * Call a class's static main method with the given arguments, */ status_t callMain(const String8& className, jclass clazz, const Vector& args); /** * Find a class, with the input either of the form * "package/class" or "package.class". */ static jclass findClass(JNIEnv* env, const char* className); void start(const char *classname, const Vector& options, bool zygote); void exit(int code); void setExitWithoutCleanup(bool exitWithoutCleanup) { mExitWithoutCleanup = exitWithoutCleanup; } static AndroidRuntime* getRuntime(); /** * This gets called after the VM has been created, but before we * run any code. Override it to make any FindClass calls that need * to use CLASSPATH. */ virtual void onVmCreated(JNIEnv* env); /** * This gets called after the JavaVM has initialized. Override it * with the system's native entry point. */ virtual void onStarted() = 0; /** * This gets called after the JavaVM has initialized after a Zygote * fork. Override it to initialize threads, etc. Upon return, the * correct static main will be invoked. */ // 啥都没做 virtual void onZygoteInit() { } /** * Called when the Java application exits to perform additional cleanup actions * before the process is terminated. */ virtual void onExit(int /*code*/) { } /** create a new thread that is visible from Java */ static android_thread_id_t createJavaThread(const char* name, void (*start)(void *), void* arg); /** return a pointer to the VM running in this process */ static JavaVM* getJavaVM() { return mJavaVM; } /** return a pointer to the JNIEnv pointer for this thread */ static JNIEnv* getJNIEnv(); /** return a new string corresponding to 'className' with all '.'s replaced by '/'s. */ static char* toSlashClassName(const char* className); /** Create a Java string from an ASCII or Latin-1 string */ static jstring NewStringLatin1(JNIEnv* env, const char* bytes); private: static int startReg(JNIEnv* env); bool parseRuntimeOption(const char* property, char* buffer, const char* runtimeArg, const char* defaultArg = ""); bool parseCompilerOption(const char* property, char* buffer, const char* compilerArg, const char* quotingArg); bool parseCompilerRuntimeOption(const char* property, char* buffer, const char* runtimeArg, const char* quotingArg); void parseExtraOpts(char* extraOptsBuf, const char* quotingArg); int startVm(JavaVM** pJavaVM, JNIEnv** pEnv, bool zygote); Vector mOptions; bool mExitWithoutCleanup; char* const mArgBlockStart; const size_t mArgBlockLength; /* JNI JavaVM pointer */ static JavaVM* mJavaVM; /* * Thread creation helpers. */ static int javaCreateThreadEtc( android_thread_func_t entryFunction, void* userData, const char* threadName, int32_t threadPriority, size_t threadStackSize, android_thread_id_t* threadId); static int javaThreadShell(void* args); }; } ``` 实际运行中,`onZygoteInit`的函数的具体实现是在`AppRuntime`里面 ```cpp [frameworks/base/cmds/app_process/app_main.cpp] virtual void onZygoteInit() { // 打开/dev/binder,再利用mmap()映射内核的地址空间,将Binder驱动的fd赋值ProcessState对象中的变量mDriverFD,用于交互操作。 sp proc = ProcessState::self(); ALOGV("App process: starting thread pool.\n"); // startThreadPoll()是创建一个新的binder,不断进行talkWithDriver() proc->startThreadPool(); } ``` `nativeZygoteInit`看完了,现在回去继续看Java空间的处理,下面看`RuntimeInit.applicationInit` #### RuntimeInit.applicationInit ```java [frameworks/base/core/java/com/android/internal/os/RuntimeInit.java] protected static Runnable applicationInit(int targetSdkVersion, String[] argv, ClassLoader classLoader) { // If the application calls System.exit(), terminate the process // immediately without running any shutdown hooks. It is not possible to // shutdown an Android application gracefully. Among other things, the // Android runtime shutdown hooks close the Binder driver, which can cause // leftover running threads to crash before the process actually exits. nativeSetExitWithoutCleanup(true); // We want to be fairly aggressive about heap utilization, to avoid // holding on to a lot of memory that isn't needed. VMRuntime.getRuntime().setTargetHeapUtilization(0.75f); VMRuntime.getRuntime().setTargetSdkVersion(targetSdkVersion); final Arguments args = new Arguments(argv); // The end of of the RuntimeInit event (see #zygoteInit). Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER); // Remaining arguments are passed to the start class's static main // 查找目标类中的static main方法,这里的args。startClass就是com.android.server.SystemServer return findStaticMain(args.startClass, args.startArgs, classLoader); } ``` `findStaticMain`函数就是找到目标类中的`static main`方法,实现主要就是通过反射,比较简单就不细看了。 追了一路,这里稍微总结下:`Zygote`通过fork出一个进程,然后在这个进程中准备一系列参数,最终返回的`Runnable`就是`com.android.server.SystemServer`的`main`方法。之后子进程就从`main`开始往下走了。下面我们就正式进入`SystemServer`的代码中去了。 --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sphantix-hang.gitbook.io/timebook/5.-ji-shu-pian/android-ji-shu/yuan-ma-yue-du/framework_zygote_start_system_server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.